Solved

Using virtualized domain controller as NTP source?

Posted on 2015-01-13
Last Modified: 2015-01-14
Hi,

I'm currently planning to change the current NTP provider from an old physical Windows 2003 server to the new Windows Server 2008 R2 Domain Controller running as a VMware virtual machine.

So what are the caveats or the steps that I need to know to avoid any issues in using a VM as the NTP for the entire company / Data Centre?

Do I have to transfer the FSMO role to another Domain Controller to do this, or is this just a simple Group Policy change to point to another virtualized Domain Controller?

Thanks.
13 Comments
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
ID: 40548328
As far as the NTP clients are concerned, it's just a change in Group Policy. They won't know if the NTP server is a VM or not, nor will they care.

Before you set your 2008 R2 DC as the NTP Server for your entire domain, make sure you've disabled the time synchronization between the host and the VM, otherwise you may experience issues with time drift even if you configure the server to use an external time source.

On that topic - what do you plan on using as your time source on the 2008 R2 DC? Will you be using an external time source such as ntp.pool.org?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40548356
Yes, correct. I will be using the pool.ntp.org list, with a space in between the entries in the GPO.

How do I disable the time synch with the ESXi hosts?
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
ID: 40548362
See the steps in this article to disable time synchronization in ESXi: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189

You'll need to shut down the VM and follow the steps in the above article if you want to completely disable time synchronization.
0

 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 333 total points
ID: 40548420
Make sure that the old and new NTP Servers are running and issuing the same time!
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40548432
Thanks for the suggestion, Andrew.

What do you mean by old and new?
Do you mean I must check both the VM and the physical box so that there is no more than 5 minutes' difference?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40548497
And last question... Do I need to transfer the FSMO role PDC emulator from this physical Windows 2003 box to the Windows 2008 R2 VM?
0
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 333 total points
ID: 40548527
Hang on, I've just seen this... do you have the option of using an External NTP source on the ESXi hosts, rather than a virtual machine?

We set up as follows:

1. ESXi hosts - External Time Source

2. Windows PDC Emulator - External Time Source (same source as 1)

3. Do not Sync time to hosts in the VMs.

4. Windows VMs in the Domain will get time from PDC emulator

5. Linux/Unix VMs external time source as 1.

(otherwise you have an issue when ESXi starts, there is no time source available because the VM is not started, and if the time is apart by over 1/2mins it will not sync)
0
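An added example, not part of the original thread: one way to apply step 2 of the setup above with `w32tm` instead of Group Policy, and to check that the old and new time servers issue the same time before clients are switched over. The host names and the two pool entries are placeholders, and the 300-second limit is the 5-minute figure raised earlier in the thread.

```powershell
# Added example (not from the thread). Run from an elevated prompt on the DC
# that holds the PDC emulator role. Host names below are placeholders.
$OldNtp = 'old-ntp.example.local'   # hypothetical: physical Windows 2003 server
$NewNtp = 'new-dc.example.local'    # hypothetical: Windows 2008 R2 DC VM
$Peers  = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8'  # space-separated, client mode
$MaxSkewSeconds = 300               # the 5-minute limit mentioned in the thread

# Confirm which DC currently holds the PDC emulator role.
netdom query fsmo

# Point the PDC emulator at the external peers and advertise it as reliable.
w32tm /config /manualpeerlist:"$Peers" /syncfromflags:manual /reliable:yes /update
w32tm /resync /rediscover

# Verify the source actually in use; "Local CMOS Clock" or "VM IC Time
# Synchronization Provider" here means the external peers are not being used.
w32tm /query /source
w32tm /query /status

function Get-NtpOffsetSeconds {
    param([string]$Server)
    # /dataonly prints lines such as "14:23:11, +00.0012345s"; keep the offsets.
    $samples = w32tm /stripchart /computer:$Server /samples:3 /dataonly |
        ForEach-Object {
            if ($_ -match '^\d{2}:\d{2}:\d{2},\s*([+-]\d+\.\d+)s') {
                [double]$Matches[1]
            }
        }
    if (@($samples).Count -eq 0) { throw "No time samples returned by $Server" }
    ($samples | Measure-Object -Average).Average
}

# Both offsets are measured from this machine, so their difference is the
# disagreement between the old and the new time server.
$skew = [math]::Abs((Get-NtpOffsetSeconds $OldNtp) - (Get-NtpOffsetSeconds $NewNtp))
if ($skew -gt $MaxSkewSeconds) {
    Write-Warning ("Old and new NTP servers differ by {0:N3} s; fix before cutover" -f $skew)
} else {
    Write-Output ("Old and new NTP servers agree within {0:N3} s" -f $skew)
}
```

An unreachable server produces only `error:` lines from `w32tm /stripchart`, so the function throws instead of reporting a zero offset.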
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40548629
Hmm I got confused myself here.

So my initial plan is to do the following:

All Windows servers and workstations synch to the new Windows Server 2008 R2 VM (not yet PDC emulator). This VM is synchronized to the external source of pool.ntp.org --> I'm wondering whether I have to transfer the FSMO role to the new Win2008R2 VM or if that is not necessary.

All ESXi hosts synch to this one VM above.
All network devices (switch, router, SAN, NAS, etc...) synch to the same windows 2008 R2 VM.

Would that be possible?
0
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 333 total points
ID: 40548646
Windows and Workstations will sync against the domain, so, no need to change anything there.

Yes, that's a good plan.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40548659
Cool, thanks for the quick reply.

So why does your configuration for ESXi point to the external NTP source rather than the Windows PDC role VM?
I'm curious to know the reasoning on your configuration #1 (1. ESXi hosts - External Time Source).

As for configuration #3(3. Do not Sync time to hosts in the VMs.), only the PDC emulator role VM that does not synch with the ESXi servers.
0
 
LVL 119

Assisted Solution

by:Andrew Hancock (VMware vExpert / EE MVE^2)
Andrew Hancock (VMware vExpert / EE MVE^2) earned 333 total points
ID: 40548682
We have seen the NTP service on the ESXi host stop, and if you are syncing VMs with the host, they get the wrong time, so hence, sync time with domain.

We always like to sync servers with an external time source; we have seen issues on occasion with ESXi syncing with Domain. Also, we like to sync Physical Host to Physical Device; we have GPS and NTP Appliances.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 40548691
Ah, I see.

So by "ESXi syncing with Domain", do you mean the issues occurred when ESXi synched the time with the PDC emulator role running as a VM?
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 40550650
Thanks !
0


Question has a verified solution.
